FIG. 1A shows a conventional telecommunications network which includes a packet-based telephone service. The telephone service may for example include voice, fax, video-phone and streaming video capabilities or a combination of these or suchlike, but will hereinafter be referred to as a telephone service.
Telephone calls can be sent as packet-based data using the Internet Protocol (IP), and such calls are known as Voice over Internet Protocol (VoIP) calls. Telephone calls may be placed through several types of connections such as a Plain Old Telephone System (POTS) connection, an Integrated Services Digital Network (ISDN) connection or a Voice over Digital Subscriber Line (VoDSL) connection, the latter being suitable for transmitting analogue voice calls and packet-based data simultaneously down the same telephone line. Other connections such as other broadband type connections or wireless connections could also be present here.
Calls can be routed to an entity 4 known as a call agent, media gateway controller or softswitch, the first of these three terms being used hereinafter, responsible for handling signaling information for telephone calls in the network. Calls could be routed to the call agent from one of a number of call sources 2 including Multi-Service Access Nodes (MSANs), Session Initiation Protocol (SIP) telephones, Media Gateways (MGs) and other call agents in the same or different networks. Several call sources may be connected to the same call agent and many other call agents may be necessary depending on the size and complexity of the network.
Call agents typically provide the intelligence that controls connection services, the ability to select processes that can be applied to a call, routing for a call within the network based on signaling and subscriber database information, the ability to transfer control of the call to another network element and management functions such as provisioning, fault detection and billing. For ease of explanation, it is hereafter assumed that a call agent is one network entity, although in practice it may be a distributed set of entities.
The call agent 4 typically processes the signaling information for calls received from one or more call sources 2 and then routes the calls to one or more call targets 6. The call sources and call targets may include the same set, or overlapping sets, of endpoints, such as telephony devices. Telephony devices are typically capable of acting as a call source or a call target depending on whether they are the source or target of a call attempt.
FIG. 1B shows an exemplary conventional telecommunications network wherein call agent 4 routes calls received from call sources 2 to another network entity, typically a media gateway 8, but alternatively another call agent or MSAN. A media gateway operates on the boundary between two different network protocol environments, facilitating communication between the two environments. The media gateway 8 typically includes communications switch equipment (not shown) and operates between a packet-based part of the telecommunications network and the Public Switched Telephone Network 10.
Whereas the call agent handles signaling data for calls, there may similarly be a media node (not shown) or switch responsible for handling the call media data. The media node could be a part of the media gateway, or alternatively be a separate network entity. Media data includes the payload of the call (for example the voice or video data) as opposed to the signaling data packets used for controlling the call. A media node is responsible for processing the higher bandwidth connections required for delivering media data, and typically incorporates multiplexing functionality.
During normal operation, a call agent in a conventional packet-based telecommunications network is typically able to handle all the signaling information for the call attempts it receives. However, if a call agent in a conventional packet-based telecommunications network receives more signaling information for call attempts than it is able to handle it will go into overload. When a call agent is in overload it is nearing or has reached the limit of its processing capabilities and new call attempts will either be buffered into an overload queue, thereby causing the call attempts to be delayed, or the call attempts will be dropped altogether. The overload queue may be separate from the requisite input buffer queue in the call agent or may be an extension of this.
Such an overload of signaling information may be caused by an increased number of genuine telephone call attempts, for example during a scheduled mass calling event such as a telephone voting event or a telephone ticket sales event. An overload may also be caused by a large number of bogus call attempts caused by a malicious Denial of Service (DoS) attack on the network by a “hacker” or “phreaker” intent on disrupting the network or particular parts of the network. Such an attack may involve a plurality of network entities distributed across the network targeting one or more other network entities so that such a distributed attack, known as a Distributed Denial of Service (DDoS), may be difficult to prevent or stop once it has begun.
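The overload behaviour described above can be illustrated with a small discrete-time model, added here as an example and not part of the original document. It assumes a fixed per-tick processing capacity, a bounded overload queue with a tail-drop policy, and constructed arrival figures; the function name and all numbers are hypothetical. The model does not distinguish genuine from bogus attempts, since the call agent sees the same signaling load either way.

```python
from collections import deque

def simulate_call_agent(arrivals, capacity, queue_limit):
    """Model a call agent's signaling load over discrete ticks.

    arrivals    -- call attempts arriving in each tick (constructed sample data)
    capacity    -- attempts whose signaling the agent can process per tick
    queue_limit -- attempts the overload queue can hold between ticks
    """
    queue = deque()  # arrival tick of every waiting attempt, oldest first
    handled = dropped = max_delay = 0
    tick = 0
    # Keep running after the last arrival until the queue has drained.
    while tick < len(arrivals) or queue:
        new = arrivals[tick] if tick < len(arrivals) else 0
        queue.extend([tick] * new)
        # Process up to `capacity` attempts in FIFO order.
        for _ in range(min(capacity, len(queue))):
            max_delay = max(max_delay, tick - queue.popleft())
            handled += 1
        # Assumed policy: tail drop. Attempts that do not fit in the
        # overload queue are discarded, newest first.
        while len(queue) > queue_limit:
            queue.pop()
            dropped += 1
        tick += 1
    return {"handled": handled, "dropped": dropped, "max_delay": max_delay}

# Constructed loads: steady traffic, and the same traffic with a two-tick
# burst such as a mass calling event or a flood of bogus attempts.
NORMAL = [5, 5, 5, 5, 5, 5]
BURST = [5, 5, 40, 40, 5, 5]

if __name__ == "__main__":
    for name, load in (("normal", NORMAL), ("burst", BURST)):
        print(name, simulate_call_agent(load, capacity=10, queue_limit=20))
```

With these figures the burst delays attempts that arrive after it has ended, because they queue behind the backlog the burst left.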
A known system provides a method and system which use a call agent for exercising management over endpoints communicating over a packet-based network. An endpoint can call and be called and is where media data for a call is generated or terminated such as a Session Initiation Protocol (SIP) terminal or gateway. The communications supported include VoIP, Voice over Asynchronous Transfer Mode (VoATM), video conferencing, data transfer and telephony. The call agent sets up a connection for a communication and then the media information is transferred between the endpoints via media gateways in a similar network to that depicted in FIG. 1B. Clusters of call agents are distributed across the network to handle access attempts from different locations, but there is no mention of any ability to accommodate an overload of attempts to access the network either from genuine or malicious sources.
Various mechanisms have been proposed to try and provide effective congestion control in packet-based telecommunications networks. One such proposed mechanism involves including protocol specific extensions, for example in the existing Megaco media gateway control protocol (International Telecommunication Union Telecommunication Standardization Sector (ITU-T) Recommendation H.248) and SIP, where the overload control is performed on the originating MSANs. A more recent generic overload signaling protocol known as the Generic Overload Control Activation Protocol (GOCAP) has also been proposed, possibly including multicast flows where a single overload control packet can be addressed to multiple recipients over the network, which could be utilized in preference to multiple per-protocol extension solutions. Alternatively, overload control can be carried out either in the call agent or at end points.
Whilst the above mechanisms work in some circumstances, they all suffer from the fact that effective scaling of the mechanism over the network cannot readily be achieved cost-effectively. There are several causes of this difficulty.
Firstly, call agents typically maintain state information for each call attempt and replicate that state between primary and backup call agent processing elements in order to ensure full transparency of service across a hardware or network failure. The storage and replication of this call state requires considerable resources, limiting the call agent's scalability and hence capacity to handle arbitrarily large signaling loads.
Secondly, existing protocol-specific congestion control mechanisms, such as ITU-T Recommendation H.248.11, typically focus on protecting the MSAN or MG nodes from overload by the call agent. This is because the call agent typically has a faster processor and is able to generate more messages than a single MSAN or MG can handle. However, the aggregate of all MSANs and MGs connected to a single call agent could still potentially overload that call agent, or specific endpoints may be compromised and used as part of a signaling-based DDoS attack on the call agent or part of the network.
Any solution requiring a unicast overload control packet to flow to each endpoint would be slow to react to rapid rises in call attempts and would create a large amount of load on the network itself, hence adding to the network overload. There can also be problems ensuring fairness across a large number of endpoints each of which is independently applying call overload control. Any solution requiring multicast overload control packets inherently relies on the increased complexity of running reliable multicast services across the Internet Protocol (IP) core or access networks. Any solution placing call overload control in the call agent requires the call agent to be able to scale to tolerate any conceivable load of call attempts, which is unrealistic. Furthermore, any solution requiring collaboration from the end points to achieve overload control cannot solve a DDoS attack where large numbers of endpoints can be compromised or spoofed.
Thus, a problem with conventional packet-based telecommunications networks is that there is no effective, scalable mechanism for preventing overload of call agents due to a high number of requests for access to the network, which typically leads to the network services being unable to provide an acceptable quality of service during such events.
It would be desirable to provide improved measures for preventing overload of call agents in a packet-based telecommunications network.